Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: evolution and evolution-data-server security update
Information
Name: RHSA-2009:0355
First vendor publication: 2009-03-16
Vendor: Red Hat
Last vendor modification: 2009-03-16
Severity (vendor): Moderate
Revision: 01

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Cvss Impact Score: 6.4
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Problem Description:

Updated evolution and evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment.

Evolution Data Server provides a unified back-end for applications which interact with contacts, task and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications.

Evolution did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547)

It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582)
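The length consistency check that the OVAL definition for CVE-2009-0582 on this page describes as missing, written out as an added example; this is not Evolution's code. The names `ntlm_t2_target_name` and `check_sample` and the sample packet are assumptions constructed here, and the field offsets follow the standard NTLM type 2 message layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* NTLM type 2 layout: 0 "NTLMSSP\0"; 8 type (LE32, value 2);
 * 12 target-name buffer {len LE16, maxlen LE16, offset LE32};
 * 20 flags (LE32); 24 server challenge (8 bytes). */
#define T2_MIN_LEN 32u

static uint32_t rd_le(const uint8_t *p, int n)   /* little-endian read */
{
    uint32_t v = 0;
    while (n-- > 0)
        v = (v << 8) | p[n];
    return v;
}

/* Hypothetical helper (the name is an assumption): locate the target name
 * in a received type 2 packet. Returns 0 on success, -1 when the packet is
 * malformed or the declared length runs past the received data. */
int ntlm_t2_target_name(const uint8_t *pkt, size_t pkt_len,
                        const uint8_t **name, size_t *name_len)
{
    if (pkt == NULL || pkt_len < T2_MIN_LEN)
        return -1;
    if (memcmp(pkt, "NTLMSSP", 8) != 0 || rd_le(pkt + 8, 4) != 2)
        return -1;

    size_t len = rd_le(pkt + 12, 2);
    size_t off = rd_le(pkt + 16, 4);

    /* The server-chosen length must fit in the bytes actually received.
     * Written as a subtraction so that off + len cannot wrap. */
    if (off > pkt_len || len > pkt_len - off)
        return -1;

    *name = pkt + off;
    *name_len = len;
    return 0;
}

/* Constructed sample: a 36-byte packet carrying the 4-byte name "CORP"
 * whose header declares `declared` bytes. Returns the parser's verdict. */
int check_sample(uint16_t declared)
{
    uint8_t pkt[36] = "NTLMSSP";
    const uint8_t *name;
    size_t name_len;

    pkt[8] = 2;
    pkt[12] = (uint8_t)(declared & 0xff);
    pkt[13] = (uint8_t)(declared >> 8);
    pkt[16] = 32;
    memcpy(pkt + 32, "CORP", 4);
    return ntlm_t2_target_name(pkt, sizeof pkt, &name, &name_len);
}

int main(void)
{
    printf("declared 4: %d, declared 400: %d\n", check_sample(4), check_sample(400));
    return 0;
}
```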

Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by evolution and evolution-data-server. This could cause evolution, or an application using evolution-data-server, to crash, or, possibly, execute arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587)
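How an output-size calculation for Base64 can wrap and how a checked version avoids the undersized heap buffer, as an added example that is not the evolution-data-server code. All function names are assumptions, and `b64_size_wrapping` is a constructed formula that only illustrates the class of bug.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration, not the project's code: a size formula
 * evaluated in 32-bit arithmetic. The multiplication wraps for large n. */
uint32_t b64_size_wrapping(uint32_t n) { return n * 4u / 3u + 4u; }

/* Checked size: 4 output bytes per 3-byte group, rounded up, plus NUL.
 * Returns 0 on success, -1 if the result does not fit in size_t. */
int b64_size_checked(size_t n, size_t *out)
{
    size_t groups = n / 3 + (n % 3 != 0);
    if (groups > (SIZE_MAX - 1) / 4)
        return -1;
    *out = groups * 4 + 1;
    return 0;
}

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode src[0..n) into a malloc'd NUL-terminated string; NULL on size
 * overflow or allocation failure. The caller frees the result. */
char *b64_encode(const uint8_t *src, size_t n)
{
    size_t cap, i, o = 0;
    char *dst;

    if (b64_size_checked(n, &cap) != 0 || (dst = malloc(cap)) == NULL)
        return NULL;
    for (i = 0; n - i >= 3; i += 3) {
        uint32_t v = (uint32_t)src[i] << 16 | (uint32_t)src[i + 1] << 8 | src[i + 2];
        dst[o++] = B64[v >> 18];
        dst[o++] = B64[(v >> 12) & 63];
        dst[o++] = B64[(v >> 6) & 63];
        dst[o++] = B64[v & 63];
    }
    if (i < n) {                      /* 1 or 2 trailing bytes: pad with '=' */
        uint32_t v = (uint32_t)src[i] << 16;
        if (n - i == 2)
            v |= (uint32_t)src[i + 1] << 8;
        dst[o++] = B64[v >> 18];
        dst[o++] = B64[(v >> 12) & 63];
        dst[o++] = (n - i == 2) ? B64[(v >> 6) & 63] : '=';
        dst[o++] = '=';
    }
    dst[o] = '\0';
    return dst;
}

int main(void)
{
    char *s = b64_encode((const uint8_t *)"Ma", 2);   /* constructed input */
    printf("%s, wrapped size for 0x40000001 bytes: %u\n",
           s ? s : "(null)", (unsigned)b64_size_wrapping(0x40000001u));
    free(s);
    return 0;
}
```

With the wrapping formula, an input of 0x40000001 bytes yields a 5-byte allocation, which is the mismatch between buffer size and written data that a heap-based overflow needs.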

All users of evolution and evolution-data-server are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution and evolution-data-server must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

484925 - CVE-2009-0547 evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM)
487685 - CVE-2009-0582 evolution-data-server: insufficient checking of NTLM authentication challenge packets
488226 - CVE-2009-0587 evolution-data-server: integer overflow in base64 encoding functions

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-0355.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-310 Cryptographic Issues
33 % CWE-189 Numeric Errors (CWE/SANS Top 25)
33 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10081
Title: The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0582
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):

Definition Id: oval:org.mitre.oval:def:11385
Title: Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0587
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):

Definition Id: oval:org.mitre.oval:def:12702
Title: DSA-1813-1 evolution-data-server -- Several vulnerabilities
Description: Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0587 It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings. CVE-2009-0547 Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks. CVE-2009-0582 It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service. For the oldstable distribution, these problems have been fixed in version 1.6.3-5etch2. For the stable distribution, these problems have been fixed in version 2.22.3-1.1+lenny1. For the testing distribution and the unstable distribution, these problems have been fixed in version 2.26.1.1-1. We recommend that you upgrade your evolution-data-server packages.
Family: unix Class: patch
Reference(s): DSA-1813-1
CVE-2009-0587
CVE-2009-0547
CVE-2009-0582
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): evolution-data-server

Definition Id: oval:org.mitre.oval:def:13169
Title: USN-733-1 -- evolution-data-server vulnerability
Description: It was discovered that the Base64 encoding functions in evolution-data-server did not properly handle large strings. If a user were tricked into opening a specially crafted image file, or tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges.
Family: unix Class: patch
Reference(s): USN-733-1
CVE-2009-0587
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 6.06
Product(s): evolution-data-server

Definition Id: oval:org.mitre.oval:def:13406
Title: DSA-1813-2 evolution-data-server -- Several vulnerabilities
Description: The previous update introduced a regression that stopped encrypted and signed S/MIME messages from working properly. Also, there have been other regressions caused by the introduction of an undefined symbol. This update corrects these flaws. For reference the original advisory text is below. Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0587 It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings. CVE-2009-0547 Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks. CVE-2009-0582 It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service. For the oldstable distribution, these problems have been fixed in version 1.6.3-5etch3. For the stable distribution, these problems have been fixed in version 2.22.3-1.1+lenny2. For the testing distribution and the unstable distribution, these problems have been fixed in version 2.26.1.1-1. We recommend that you upgrade your evolution-data-server packages.
Family: unix Class: patch
Reference(s): DSA-1813-2
CVE-2009-0587
CVE-2009-0547
CVE-2009-0582
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): evolution-data-server

Definition Id: oval:org.mitre.oval:def:21826
Title: ELSA-2009:0354: evolution-data-server security update (Moderate)
Description: Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.
Family: unix Class: patch
Reference(s): ELSA-2009:0354-01
CVE-2009-0547
CVE-2009-0582
CVE-2009-0587
Version: 17
Platform(s): Oracle Linux 5
Product(s): evolution28-evolution-data-server
evolution-data-server

Definition Id: oval:org.mitre.oval:def:28741
Title: RHSA-2009:0354 -- evolution-data-server security update (Moderate)
Description: Updated evolution-data-server and evolution28-evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution Data Server provides a unified back-end for applications which interact with contacts, task, and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications.
Family: unix Class: patch
Reference(s): RHSA-2009:0354
CVE-2009-0547
CVE-2009-0582
CVE-2009-0587
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Product(s): evolution28-evolution-data-server
evolution-data-server

Definition Id: oval:org.mitre.oval:def:8011
Title: DSA-1813 evolution-data-server -- Several vulnerabilities
Description: Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings. Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks. It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service.
Family: unix Class: patch
Reference(s): DSA-1813
CVE-2009-0587
CVE-2009-0547
CVE-2009-0582
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): evolution-data-server

Definition Id: oval:org.mitre.oval:def:9619
Title: Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0547
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 2

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for evolution28-evolution-data-server CESA-2009:0354 centos4 i386
File : nvt/gb_CESA-2009_0354_evolution28-evolution-data-server_centos4_i386.nasl
2011-08-09 Name : CentOS Update for evolution CESA-2009:0355 centos4 i386
File : nvt/gb_CESA-2009_0355_evolution_centos4_i386.nasl
2011-08-09 Name : CentOS Update for evolution CESA-2009:0358 centos3 i386
File : nvt/gb_CESA-2009_0358_evolution_centos3_i386.nasl
2009-10-13 Name : SLES10: Security update for evolution-data-server
File : nvt/sles10_evolution-data-.nasl
2009-10-11 Name : SLES11: Security update for Evolution
File : nvt/sles11_evolution-data-.nasl
2009-06-09 Name : Debian Security Advisory DSA 1813-1 (evolution-data-server)
File : nvt/deb_1813_1.nasl
2009-05-25 Name : CentOS Security Advisory CESA-2009:0354 (evolution-data-server)
File : nvt/ovcesa2009_0354.nasl
2009-05-25 Name : CentOS Security Advisory CESA-2009:0355 (evolution-data-server)
File : nvt/ovcesa2009_0355.nasl
2009-05-20 Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-03-31 Name : Mandrake Security Advisory MDVSA-2009:078 (evolution-data-server)
File : nvt/mdksa_2009_078.nasl
2009-03-20 Name : RedHat Security Advisory RHSA-2009:0355
File : nvt/RHSA_2009_0355.nasl
2009-03-20 Name : Ubuntu USN-734-1 (ffmpeg-debian)
File : nvt/ubuntu_734_1.nasl
2009-03-20 Name : Ubuntu USN-733-1 (evolution-data-server)
File : nvt/ubuntu_733_1.nasl
2009-03-20 Name : CentOS Security Advisory CESA-2009:0358 (evolution)
File : nvt/ovcesa2009_0358.nasl
2009-03-20 Name : Fedora Core 9 FEDORA-2009-2792 (evolution-data-server)
File : nvt/fcore_2009_2792.nasl
2009-03-20 Name : Fedora Core 10 FEDORA-2009-2784 (evolution-data-server)
File : nvt/fcore_2009_2784.nasl
2009-03-20 Name : RedHat Security Advisory RHSA-2009:0358
File : nvt/RHSA_2009_0358.nasl
2009-03-20 Name : RedHat Security Advisory RHSA-2009:0354
File : nvt/RHSA_2009_0354.nasl
2009-03-18 Name : Evolution Data Server Multiple Integer Overflow Vulnerabilities
File : nvt/gb_evolution_data_server_mult_int_overflow_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52703 Evolution Data Server libcamel camel/camel-mime-utils.c Base64 String Handlin...

52702 Evolution Data Server evc addressbook/libebook/e-vcard.c Base64 String Handli...

52701 Evolution Signed-data Blob S/MIME Message Signature Verification Weakness

52673 Evolution Data Server Camel camel/camel-sasl-ntlm.c ntlm_challenge Function T...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0358.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0355.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0354.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090316_evolution_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090316_evolution_data_server_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090316_evolution_and_evolution_data_server_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_evolution-data-server-7029.nasl - Type : ACT_GATHER_INFO
2010-05-07 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_evolution-data-server-100414.nasl - Type : ACT_GATHER_INFO
2010-03-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_evolution-data-server-100208.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_evolution-data-server-6166.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_evolution-090416.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_evolution-090416.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_evolution-data-server-090416.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1813.nasl - Type : ACT_GATHER_INFO
2009-05-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0354.nasl - Type : ACT_GATHER_INFO
2009-05-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0355.nasl - Type : ACT_GATHER_INFO
2009-04-30 Name : The remote openSUSE host is missing a security update.
File : suse_evolution-data-server-6171.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-733-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-078.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2784.nasl - Type : ACT_GATHER_INFO
2009-03-19 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2792.nasl - Type : ACT_GATHER_INFO
2009-03-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0358.nasl - Type : ACT_GATHER_INFO
2009-03-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0355.nasl - Type : ACT_GATHER_INFO
2009-03-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0354.nasl - Type : ACT_GATHER_INFO
2009-03-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0358.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:52:22
  • Multiple Updates